
Accessing the Harbor Docker image registry over HTTPS

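Configuring HTTPS for Harbor

Why configure HTTPS?
Because you will later package images and push them to the Harbor registry. Production images contain many private configuration files (db, redis, and so on), so the traffic needs to be encrypted with HTTPS.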

Reference documentation: https://github.com/goharbor/harbor/blob/master/docs/configure_https.md

Download: https://github.com/goharbor/harbor/releases

Download: docker-compose
https://docs.docker.com/compose/install/#install-compose

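The configuration steps are as follows.
1. In the harbor directory, create an ssl directory to hold the self-signed certificates
# mkdir ssl

2. Change into the ssl directory
# cd ssl/
3. Generate the CA private key
# openssl genrsa -out ca.key 4096
4. Generate the CA certificate. Note that the domain name test.com here is the domain you will use to access Harbor later
# openssl req -x509 -new -nodes -sha512 -days 3650 \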
-subj "/C=GZ/ST=Guangd/L=Taipei/O=example/OU=Personal/CN=test.com" \
-key ca.key \
-out ca.crt
5. Generate the server private key
# openssl genrsa -out test.com.key 4096
6. Generate the certificate signing request (CSR)
# openssl req -sha512 -new \
-subj "/C=GZ/ST=Guangd/L=Taipei/O=example/OU=Personal/CN=test.com" \
-key test.com.key \
-out test.com.csr
7. Create the x509 v3 extension file
# cat > v3.ext <<-EOF
authorityKeyIdentifier=keyid,issuer
basicConstraints=CA:FALSE
keyUsage = digitalSignature, nonRepudiation, keyEncipherment, dataEncipherment
extendedKeyUsage = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1=test.com
DNS.2=test
DNS.3=hostname
EOF

8. Sign the server certificate with the CA
# openssl x509 -req -sha512 -days 3650 \
-extfile v3.ext \
-CA ca.crt -CAkey ca.key -CAcreateserial \
-in test.com.csr \
-out test.com.crt


9. Edit the configuration file (from the harbor directory)
# vi harbor.cfg
hostname = test.com # this is the address you will use to access Harbor
ui_url_protocol = https
ssl_cert = ./ssl/test.com.crt
ssl_cert_key = ./ssl/test.com.key
harbor_admin_password = 123456

10. Reload the configuration file
# ./prepare


11. Install. This step requires waiting 5 minutes
# ./install.sh

12. The result is normal

13. Add a hosts entry for the domain, then access Harbor
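
A pre-flight check for the files produced in steps 3 to 8, to run before `./prepare`; this is an added example, not part of the original post or of Harbor. The function names `check_harbor_cert` and `make_sample` are hypothetical, and the sample certificates are constructed (2048-bit keys, 1-day validity, CA subject `CN=demo-ca`) so the demo runs quickly and offline.

```shell
#!/bin/sh
# check_harbor_cert DIR HOST
# Expects DIR/ca.crt, DIR/HOST.crt and DIR/HOST.key (the layout used in the post).
# Returns 0 when all checks pass; 1 = chain, 2 = key mismatch, 3 = host not in SAN.
check_harbor_cert() {
    dir=$1; host=$2
    crt="$dir/$host.crt"; key="$dir/$host.key"; ca="$dir/ca.crt"

    # 1. The server certificate must verify against the private CA.
    openssl verify -CAfile "$ca" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt does not chain to $ca"; return 1; }

    # 2. The file given as ssl_cert_key must be the private key for ssl_cert.
    [ "$(openssl x509 -in "$crt" -noout -pubkey)" = \
      "$(openssl pkey -in "$key" -pubout 2>/dev/null)" ] ||
        { echo "FAIL: $key does not match $crt"; return 2; }

    # 3. The hostname must be a DNS entry in subjectAltName (v3.ext, step 7);
    #    it is lost if -extfile is left out when signing in step 8.
    openssl x509 -in "$crt" -noout -text | tr ',' '\n' | tr -d ' ' |
        grep -Fxq "DNS:$host" ||
        { echo "FAIL: $host is not in subjectAltName"; return 3; }

    echo "OK: chain, key and subjectAltName checks passed for $host"
}

# make_sample DIR HOST: constructed sample input that mirrors steps 3-8.
# Assumptions: 2048-bit keys and 1-day validity only to keep the demo fast,
# and a made-up CA subject (CN=demo-ca).
make_sample() {
    dir=$1; host=$2
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
    openssl req -x509 -new -nodes -sha512 -days 1 -subj "/CN=demo-ca" \
        -key "$dir/ca.key" -out "$dir/ca.crt"
    openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null
    openssl req -sha512 -new -subj "/CN=$host" \
        -key "$dir/$host.key" -out "$dir/$host.csr"
    printf 'basicConstraints=CA:FALSE\nsubjectAltName=DNS:%s\n' "$host" > "$dir/v3.ext"
    openssl x509 -req -sha512 -days 1 -extfile "$dir/v3.ext" \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -in "$dir/$host.csr" -out "$dir/$host.crt" 2>/dev/null
}

# Demo run in a throwaway directory.
demo_dir=$(mktemp -d)
make_sample "$demo_dir" test.com && check_harbor_cert "$demo_dir" test.com
rm -rf "$demo_dir"
```

Against the real files, the call from the harbor directory would be `check_harbor_cert ./ssl test.com`.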